PyCon 2016 in Portland, OR

PyKMIP: Key Management for Python

Peter Hamilton

Audience level: Intermediate
Category: Security

Description

PyKMIP is a Python implementation of the Key Management Interoperability Protocol (KMIP), a client/server communication protocol for the storage and maintenance of key, certificate, and secret objects. PyKMIP provides a Python client and server implementation of the KMIP 1.1 specification, supporting basic lifecycle operations for the primary KMIP object types.

Abstract

Key and secret management are critical components of modern cryptosystems. Custom management solutions can introduce dangerous vulnerabilities to security-sensitive applications. It is therefore vital to use robust, peer-reviewed, and publicly tested key management solutions when transmitting and managing secret data. The Key Management Interoperability Protocol (KMIP) is a key management standard developed and maintained by the Organization for the Advancement of Structured Information Standards (OASIS). The protocol defines an encoding scheme for the transmission of key and secret data, providing a standard that can be leveraged by client/server and peer-to-peer applications to securely communicate sensitive information. KMIP is supported by dozens of security vendors and by many prominent programming languages. While growing in market share, KMIP solutions are often proprietary, requiring purchase and licensing for use. This poster introduces PyKMIP, a Python implementation of the KMIP specification. PyKMIP is the first open source Python library supporting KMIP, granting any Python application the ability to leverage KMIP for key and secret management. PyKMIP provides a Python client and server implementation of the KMIP 1.1 specification, supporting basic lifecycle operations for the primary KMIP object types, including symmetric/asymmetric keys, certificates, and various types of secret data.